Incident Response Security Engineer
About the role
The Role:
Provides security and technical expertise to support the development of security objects to satisfy business requirements. Analyzes and administers security policies to control physical and virtual system access. Identifies and investigates security issues and develops security solutions that address compliance requirements that can/ do impact security. Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance and support of the security standards and procedures. Assesses business role requirements, reviews authorization roles, and supports authorizations. Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users. Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction. Implements best practice when applying knowledge of information systems security standards/practices (e.g.access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
Responsibilities
- Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations.
- Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.
- Identifies security gaps that expose Costco to potential exploit and develop short-and long-term prioritized remediation to address those gaps.
- Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc).
- Works with internal and external auditors.
- Maintains and supports security tools.
- Protects confidentiality, integrity, and availability of information from being disclosed to unauthorized parties.
- Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.
- Identifies opportunities for streamlining, and increasing effectiveness through continuous process improvement.
- Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.
- Develops and documents security events and incident handling procedures into Playbooks.
- Trips and prioritizes, investigates, and coordinates security events and incident handling activities.
- Collaborates with business partners, project teams, and team members to build secure solutions that protects data and enables the business with tools and processes that make sense and adapt to changing business needs both on-premises and in the cloud.
- Works with other Cyber Security team members effectively, serves as a SME for security operations for multiple technologies.
Requirements
- 10+ years in Information Security including 5+ years in the SIEM and 5+ years in Incident Response/Threat Hunting.
- Certified in the following: GREM, GCIA, GCIH, CISSP, GISP, GCWIN, GCFA.
- Expertise with SIEM and Log Analytics, SOAR, R policies and procedures.
- Demonstrated knowledge of application security controls, common vulnerabilities, and penetration testing methodologies, technical expert with analytical skills, including the gathering and analyzing of facts formulating objective conclusions modified by subjective and experience-based qualifiers with appropriate, defining problems, and promoting solutions.
- Experienced with scripting in python, powershell, or similar language.
- Strong understanding of the different stages of a Cyber-Attack and how those attacks could be executed in the Costco network, aligning solutions with the MITRE ATT&CK Matrix.
- Parse and manipulate data to allow for data normalization or allow for search or easier representations for use.
- Demonstrated strong knowledge of network security architecture concepts including topology, protocols, components, and principles, network services and protocols interactions that provide network communication, knowledge of network protocols such as TCP/IP, Domain Name System (DNS), Dynamic Host Configuration (DHCP), and Directory services (LDAP).
- GSEC (GIAC Security Essentials).
Qualifications
- Recommended Bachelor's degree in Computer Science or Computer Security/Forensics.
Skills
- Expertise with SIEM and Log Analytics, SOAR, R policies and procedures.
- Demonstrated knowledge of application security controls, common vulnerabilities, and penetration testing methodologies, technical expert with analytical skills, including the gathering and analyzing of facts formulating objective conclusions modified by subjective and experience-based qualifiers with appropriate, defining problems, and promoting solutions.
- Experienced with scripting in python, powershell, or similar language.
- Strong understanding of the different stages of a Cyber-Attack and how those attacks could be executed in the Costco network, aligning solutions with the MITRE ATT&CK Matrix.
- Parse and manipulate data to allow for data normalization or allow for search or easier representations for use.
- Demonstrated strong knowledge of network security architecture concepts including topology, protocols, components, and principles, network services and protocols interactions that provide network communication, knowledge of network protocols such as TCP/IP, Domain Name System (DNS), Dynamic Host Configuration (DHCP), and Directory services (LDAP).
- GSEC (GIAC Security Essentials).
Benefits
- Paid time off.
- Health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Pay
Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Level Staff - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible
Schedule
Full-time